#!/bin/bash
#
# Wireguard / VPN Service
#
# Defines config_wireguard, email_wireguard, uninstall_wireguard and
# start_wireguard. The helpers get_appvars, current_version, start_service and
# fail are called here but not defined in this file; presumably the script
# that sources this one provides them, along with DOMAIN, EMAIL and EXTERNALIP.
#
# NOTE(review): the per-user Docker plugin directory is searched first, so a
# binary placed there shadows the system one of the same name; confirm HOME is
# the intended account when this runs with elevated privileges.
# NOTE(review): "/local/sbin" looks like it may be meant as "/usr/local/sbin";
# confirm against the host layout.

PATH="${HOME}/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Load the application variables before any function below is invoked.
get_appvars
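config_wireguard() {
  # Generates the wireguard app directory: docker-compose.yml, .env and the
  # CoreDNS Corefile that gives VPN clients internal names for the services.
  #
  # Globals:   DOMAIN (read)
  # Calls:     current_version (defined outside this file)
  # Outputs:   progress text on stdout; files under /federated/apps/wireguard
  printf '%s' "* Configuring wireguard container.."

  # Always ensure the full directory tree exists. The previous check only
  # looked at the top-level directory, so a partially created app directory
  # made the Corefile write below fail. mkdir -p is a no-op when present.
  mkdir -p /federated/apps/wireguard/data/config/coredns

  # \${IMAGE_VERSION} is escaped so that docker compose resolves it from .env;
  # $DOMAIN is expanded now, by this shell.
  #
  # NOTE(review): SYS_MODULE together with the /lib/modules bind mount lets
  # the container load kernel modules on the host. That is only needed when
  # the host kernel does not already provide WireGuard; confirm and drop both
  # if not required, leaving NET_ADMIN only.
  # NOTE(review): the bind mount below uses ./data/etc/coredns/Corefile, but
  # the Corefile is written to data/config/coredns/Corefile further down
  # (visible in the container under /config via the ./data/config mount).
  # Confirm which path the image reads; a bind source that does not exist may
  # be created by Docker as an empty directory.
  cat > /federated/apps/wireguard/docker-compose.yml <<EOF
services:
  wireguard:
    image: linuxserver/wireguard:\${IMAGE_VERSION}
    container_name: wireguard
    hostname: wireguard.$DOMAIN
    restart: always
    networks:
      core:
        ipv4_address: 192.168.0.24
    ports:
      - 51820:51820/udp
    volumes:
      - ./data/config:/config
      - ./data/etc/coredns/Corefile:/etc/coredns/Corefile
      - /lib/modules:/lib/modules
    env_file:
      - ./.env
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

networks:
  core:
    external: true
EOF

  # NOTE(review): as documented for linuxserver/wireguard, LOG_CONFS=true
  # prints the generated peer QR codes to the container log. Those encode the
  # peer configuration, so anyone able to read the container's logs could
  # recover it; consider LOG_CONFS=false once the peer has been delivered.
  # ALLOWEDIPS includes 0.0.0.0/0 and ::/0, i.e. clients route all traffic
  # through the tunnel.
  cat > /federated/apps/wireguard/.env <<EOF
IMAGE_VERSION="$(current_version wireguard)"
PUID=1000
PGID=1000
SERVERURL=wireguard.$DOMAIN
SERVERPORT=51820
PEERS=1
PEERDNS=auto
ALLOWEDIPS=0.0.0.0/0,::/0,192.168.0.0/16,10.13.13.1/32
LOG_CONFS=true
EOF
  chmod 600 /federated/apps/wireguard/.env

  # Static host entries point every listed service name at 192.168.0.13;
  # anything not listed falls through and is forwarded to the resolvers in
  # /etc/resolv.conf.
  cat > /federated/apps/wireguard/data/config/coredns/Corefile <<EOF
. {
    hosts {
        192.168.0.13 powerdns.$DOMAIN
        192.168.0.13 traefik.$DOMAIN
        192.168.0.13 panel.$DOMAIN
        192.168.0.13 nextcloud.$DOMAIN
        192.168.0.13 listmonk.$DOMAIN
        192.168.0.13 vaultwarden.$DOMAIN
        192.168.0.13 jitsi.$DOMAIN
        192.168.0.13 element.$DOMAIN
        192.168.0.13 matrix.$DOMAIN
        192.168.0.13 baserow.$DOMAIN
        192.168.0.13 gitea.$DOMAIN
        192.168.0.13 autodiscover.$DOMAIN
        192.168.0.13 castopod.$DOMAIN
        192.168.0.13 wordpress.$DOMAIN
        192.168.0.13 bookstack.$DOMAIN
        192.168.0.13 freescout.$DOMAIN
        192.168.0.13 msp.$DOMAIN
        192.168.0.13 espocrm.$DOMAIN
        192.168.0.13 calcom.$DOMAIN
        192.168.0.13 dashboard.$DOMAIN
        192.168.0.13 roundcube.$DOMAIN
        192.168.0.13 discourse.$DOMAIN
        192.168.0.13 plane.$DOMAIN
        fallthrough
    }
    loop
    health
    forward . /etc/resolv.conf
}
EOF

  printf 'done.\n'
}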
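email_wireguard() {
  # Mails the generated peer1 client configuration to $EMAIL through the
  # "mail" container.
  #
  # Globals:   DOMAIN (read), EMAIL (read)
  # Outputs:   progress text on stdout, diagnostics on stderr
  # Returns:   1 without sending when the peer configuration is not readable
  #
  # NOTE(review): a WireGuard client configuration contains the peer's
  # private key, so this message is itself the VPN credential. E-mail gives
  # no end-to-end confidentiality; consider delivering it out of band, or
  # regenerating the peer once the recipient has imported it.
  local peer_conf=/federated/apps/wireguard/data/config/peer1/peer1.conf
  local mailfile=/federated/apps/mail/data/root/certs/mailfile

  # Refuse to send a message that announces a configuration but contains none.
  if [ ! -r "$peer_conf" ]; then
    printf '%s\n' "email_wireguard: $peer_conf is missing or unreadable; not sending" >&2
    return 1
  fi

  printf '%s' "* Sending email to customer.."

  # The message embeds the peer configuration, so build it under a
  # restrictive umask instead of the caller's default. A stale file is removed
  # first because umask only applies to newly created files.
  # Assumes the mail container reads /root/certs as root - TODO confirm.
  rm -f -- "$mailfile"
  (
    umask 077
    cat > "$mailfile" <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>Wireguard is now installed on $DOMAIN</h4>
<p>
Your core comes with a very powerful VPN solution built using Wireguard. The following information is
needed by your users so that they can use the VPN. Please treat this information as a very important
secret. There are two important parts of the VPN:
<p>
Here is your VPN configuration:<br>
<code>

EOF
    # Append the peer configuration with an HTML line break after each line.
    sed 's/$/<br>/' "$peer_conf" >> "$mailfile"

    cat >> "$mailfile" <<EOF

</code>
<h4>Thanks for your support!</h4>
<p>
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
time with Federated Core.
<p>
Again, if we can be of any assistance, please don't hesitate to get in touch.
<p>
Support: https://support.federated.computer<br>
Phone: (970) 722-8715<br>
Email: support@federated.computer<br>
<p>
It's <b>your</b> computer. Let's make it work for you!
</html>
EOF
  )

  # Send out e-mail from mail container with details.
  # DOMAIN and EMAIL are handed over as positional parameters rather than
  # spliced into the command string, so shell metacharacters in either value
  # are treated as data by the inner shell.
  docker exec mail bash -c \
    'mail -r "admin@$1" -a "Content-type: text/html" -s "Application installed on $1" "$2" < /root/certs/mailfile' \
    _ "$DOMAIN" "$EMAIL"

  # Remove the credential-bearing file whether or not the send succeeded.
  rm -f -- "$mailfile"

  printf 'done.\n'
}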
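uninstall_wireguard() {
  # Stops the wireguard compose project, deletes its app directory and removes
  # the "vpn" and "wireguard" A records from the pdns container.
  #
  # Globals:   DOMAIN (read)
  # Outputs:   progress text on stdout
  printf '%s' "* Uninstalling wireguard container.."

  # First stop the service. The cd runs in a subshell so the caller's working
  # directory is not left pointing at the directory deleted below.
  (
    cd /federated/apps/wireguard \
      && docker compose -f docker-compose.yml -p wireguard down &> /dev/null
  )

  # Delete the app directory, including the generated peer configuration
  # under data/config.
  rm -rf -- /federated/apps/wireguard

  # Quote DOMAIN so an empty or unusual value cannot shift the arguments
  # passed to pdnsutil.
  docker exec pdns pdnsutil delete-rrset "$DOMAIN" vpn A
  docker exec pdns pdnsutil delete-rrset "$DOMAIN" wireguard A

  printf 'done.\n'
}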
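start_wireguard() {
  # Starts the wireguard service and publishes the "wireguard" and "vpn" A
  # records for it in the pdns container.
  #
  # Globals:   DOMAIN (read), EXTERNALIP (read)
  # Calls:     start_service, fail (both defined outside this file)
  # Outputs:   "done." on stdout

  # Start service with command to make sure it's up before proceeding.
  # The probe is a UDP check against the container's published port; the
  # meaning of the third argument is defined by start_service, not shown here.
  start_service "wireguard" "nc -uvz 192.168.0.24 51820 &> /dev/null" "8"

  # DOMAIN and EXTERNALIP are quoted so an empty value reaches pdnsutil as an
  # empty argument and is rejected there, instead of silently shifting the
  # remaining arguments.
  if ! docker exec pdns pdnsutil add-record "$DOMAIN" wireguard A 86400 "$EXTERNALIP" &> /dev/null; then
    fail "Couldn't add dns record"
  fi
  if ! docker exec pdns pdnsutil add-record "$DOMAIN" vpn A 86400 "$EXTERNALIP" &> /dev/null; then
    fail "Couldn't add dns record"
  fi

  printf '%s' "done."
}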